blocking irc + botnets

hbeaumont hbeaumont ahlist at
Thu Aug 4 19:04:12 CEST 2005

On 8/4/05, Jan Engelhardt <jengelh at> wrote:
> >We have servers that could get infected via poorly written user scripts. I
> Fix the servers. Don't let arbitrary scripts in.

Please take this in a friendly manner :)

When I wrote my initial message, I knew somebody would give me this type of
reply (i.e. secure your servers, smack the bad users).

However, the fact is that in REAL LIFE, you will have users that use bad
scripts or even "good" scripts that have bugs (phpbb, etc., etc.).

I want to find a way to make sure that we have an extra layer of protection
to make sure our servers weren't DOS'ing other boxes - even if it was only
for a short time until an admin logged in to check the source of the
outgoing traffic spike.

Bottom line:

I simply want to get a good ruleset to share so that anyone who might ever
have a server compromised (even non-root, php-apache based stuff running as
nobody) could help stop the outgoing bad traffic.

There is a lot of discussion on stopping things from coming into a server.
If those of us who run servers (I'm pointing the finger at myself!) would
take the extra effort to stop what can possibly go out, it would solve a lot
of the problems.

I don't have the knowledge to set this up in the best method. That's why I 
asked here.

Thanks to all!

More information about the netfilter mailing list